中国公司被指在安卓手机留 '后门'

choi

Matt Apuzzo and Michael S Schmidt, 中国公司被指在安卓手机留 '后门.'  纽约时报中文网, Nov 16, 2016
http://cn.nytimes.com/world/2016 ... -software-security/

, which is translated from

Matt Apuzzo and Michael S Schmidt, Text a Message, China Gets a Peek; Prepaid Phones in US ran a secret code. New York Times, Nov 16, 2016 (front page).


Excerpt in the window of print: 'Even if you wanted to, you wouldn't have known about it.'

Quote:

(a) "a secret feature: a backdoor that sends all your text messages to China every 72 hours.  

(b) "Security contractors recently discovered preinstalled software in some Android phones that monitors where users go, whom they talk to and what they write in text messages.

(c) It is "software. But the scope [of number of phones preinstalled with the software] is unclear. The Chinese company that wrote the software, Shanghai Adups Technology Company 上海广升信息技术股份有限公司 [company website does not explain how it comes up with that name], says its code runs on more than 700 million phones, cars and other smart devices.

(d) "Kryptowire, the [Fairfax, Virginia - based] security firm that discovered the vulnerability, said the Adups software transmitted the full contents of text messages, contact lists, call logs, location information and other data to a Chinese server [in Shanghai that was registered to Adups]. * * * the surveillance is not disclosed to users

(e) "It was not a bug. Rather, Adups intentionally designed the software to help a Chinese phone manufacturer monitor user behavior, according to a document that Adups provided to explain the problem * * * That version of the software was not intended for American phones, the company said.  'This is a private company that made a mistake,' said Lily Lim, a lawyer in Palo Alto, Calif, who represents Adups. * * * Ms Lim said Adups was not affiliated with the Chinese government.

(f) "At the heart of the issue is a special type of software, known as firmware, that tells phones how to operate. Adups provides the code that lets companies remotely update their firmware, an important function that is largely unseen by users. Normally, when a phone manufacturer updates its firmware, it tells customers what it is doing and whether it will use any personal information. Even if that is disclosed in long legal disclosures that customers routinely ignore, it is at least disclosed. That did not happen with the Adups software, Kryptowire said.

"According to its website, Adups provides software to two of the largest cellphone manufacturers in the world, ZTE and Huawei. Both are based in China.

(g) "Because Adups has not published a list of affected phones, it is not clear how users can determine whether their phones are vulnerable.

(h) "Kryptowire took its findings to the United States government. It plans to make its report public as early as Tuesday.

Note: In quotation (f), NYTimes translates "firmware" as 固件. As for the origin of the English name, see firmware
https://en.wikipedia.org/wiki/Firmware
(It existed on the boundary between hardware and software; thus the name "firmware")